search

rmosolgo / graphiql-rails

Mount the GraphiQL query editor in a Rails app
MIT License
447 stars 137 forks source link

Update GraphiQL & React, and use `graphiql.min.{js,css}` assets #98

Closed sambostock closed 8 months ago

sambostock commented 2 years ago

This updates the vendored dependencies

Package Old New
graphiql 2.4.0 2.4.1
Updates on original version of this PR Package|Old|New -|-|- `react`|`16.14.0`|`17.0.2` `react-dom`|`16.14.0`|`17.0.2` `graphiql`|`1.4.2`|`1.5.17`

and switches to using the minified version of the graphiql assets, which do not include Webpack's inline source maps, which require 'unsafe-eval' to be in the Content Security Policy of the host app.

Note that GraphiQL's .min.js still makes use of new Function("return this;"), meaning it still requires 'unsafe-eval', but that needs to be solved upstream. If that happens, we'll simply need to run rake update_graphiql again to get the fixed version.

This should contribute towards better addressing #46, rather than forcing the host app to loosen its Content Security Policy.

rmosolgo commented 8 months ago

Hey, thanks for these updates. I'm going to merge them then continue with a new update of these assets :+1: